VULNERABILITIES / FIXES - May 11, 2012
by Carol~ - 5/11/12 6:18 AM
Drupal Contact Forms Module Security Bypass Security Issue
Release Date : 2012-05-11
Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch
Software: Drupal Contact Forms Module 7.x
A security issue has been reported in the Contact Forms module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
The security issue is caused due to the module not properly restricting access to the Contact Form settings and can be exploited to edit the settings.
Successful exploitation requires the "access the site-wide contact form" permission.
The security issue is reported in 7.x-1.x versions prior to 7.x-1.2.
Update to version 7.x-1.3.
Provided and/or discovered by:
The vendor credits Vlad D.